Use-After-Free Vulnerability in Linux Kernel During NTFS3 Filesystem Mount
CVE-2025-39691
What is CVE-2025-39691?
A use-after-free vulnerability was identified in the Linux kernel that can lead to potential stack overflow issues. It occurs during the handling of NTFS3 filesystem mounts, specifically when the bh_read() function is called. The vulnerability arises when buffer heads are improperly managed: if they are not allocated correctly, freeing these resources can lead to data corruption and system instability. Affected users are encouraged to apply the necessary patches to prevent potential threats.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 70a09115da586bf662c3bae9c0c4a1b99251fad9
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3169edb8945c295cf89120fc6b2c35cfe3ad4c9e
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 03b40bf5d0389ca23ae6857ee25789f0e0b47ce8